|
# install-time ssh access |
# sshpw creates a login for the installer environment only; it is not carried over to the installed system. |
# "xxx" is a placeholder for a crypt(3) hash (--iscrypted). Use a hash that is not reused anywhere else, |
# because a kickstart file is usually fetched by the installer over the network. |
# NOTE(review): the installer's sshd normally has to be enabled with inst.sshd on the kernel command line - confirm for this boot setup. |
|
sshpw --username=root --iscrypted xxx |
|
# Use text mode install |
|
text --non-interactive |
|
#vnc --port=54182 --password=secret # optional VNC config. |
# If the vnc line is enabled, its password is stored in this file in clear text; replace "secret" before use. |
|
|
|
# localisation |
|
keyboard --vckeymap=de --xlayouts='de' |
|
lang en_US.UTF-8 |
|
|
|
# Installation logging level |
# --host/--port forward the installer's log messages to a remote syslog listener; 12345 here is the port on that log host. |
# NOTE(review): presumably plain, unauthenticated syslog - keep the collector on a trusted network; verify. |
|
logging --level=warning --host=<OTHER_SERVER'S_IP> --port=12345 |
|
|
|
# Network information |
# Static IPv4/IPv6 addressing, bound to the NIC by MAC address (--device). The x.x.x and <...> values are placeholders. |
|
network --bootproto=static --device=00:aa:bb:cc:dd:ee --gateway=x.x.x.254 --hostname=<YOUR_FQDN> --ip=<IP> --nameserver=213.186.33.99 --netmask=255.255.255.0 --ipv6=<IPv6> --activate --ipv6gateway=2001:41d0:xxx:xxff:ff:ff:ff:ff |
|
# NOTE(review): both install sources (this repo and the url line below) use plain http://, so repository metadata and packages travel without transport protection. |
# Prefer an https:// URL if the mirror offers one (not verifiable from this file). |
# CentOS Linux 8 is end-of-life; confirm the mirror still serves these /8/ paths and plan for a supported release. |
repo --name="AppStream" --baseurl=http://centos.mirrors.ovh.net/8/AppStream/x86_64/os/ |
|
|
|
# Use network installation from OVH CentOS mirror |
|
url --url="http://centos.mirrors.ovh.net/8/BaseOS/x86_64/os/" |
|
|
|
# SELinux configuration |
# Enforcing mode also governs which ports sshd may bind: a non-default port such as the 12345 used in %post must be labelled ssh_port_t first. |
|
selinux --enforcing |
|
|
|
# Do not configure the X Window System |
|
skipx |
|
|
|
# System services |
|
firstboot --disable |
|
services --enabled="sshd,chronyd,firewalld" |
|
# --ssh already allows 22/tcp, so the explicit 22:tcp repeats it; 12345:tcp is the extra sshd port configured in %post. |
firewall --enabled --ssh --port=22:tcp,12345:tcp |
|
|
|
# SSH keys on new system |
# "xxx" is a placeholder for a public key line; each sshkey entry adds one authorized key for the named user. |
|
sshkey --username=root "xxx" |
|
# sshkey --username=root "xxx2" # set multiple keys in multiple lines |
|
sshkey --username=<YOUR_USERNAME> "xxx" |
|
|
|
# System timezone |
|
timezone Europe/Berlin --isUtc --ntpservers=ntp.ovh.net |
|
# No --password is given, so the account can only be reached through the SSH key above. |
# NOTE(review): wheel membership presumably grants sudo, but sudo will ask for a password this account does not have - set one or add a sudoers rule after install. |
# NOTE(review): "admin" does not look like a stock CentOS group; confirm it exists or is created, otherwise drop it from --groups. |
user --groups=wheel,admin --name=<YOUR_USERNAME> |
|
|
|
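# Partition clearing information
# Destroys every partition on the two listed drives and writes new GPT labels.
# The drives are named by their disk/by-id path rather than sdX, so a change
# in device enumeration does not point the wipe at a different disk.
clearpart --drives=disk/by-id/ata-INTEL_SSDxxx,disk/by-id/ata-INTEL_SSDyyy --all --initlabel --disklabel=gpt

# Disk partitioning information
# sda disk/by-id/ata-INTEL_SSDxxx
# sdb disk/by-id/ata-INTEL_SSDyyy
# Both disks get the same layout; the _a/_b suffix tells the two halves apart.
# NOTE(review): nothing here is encrypted at rest (no --encrypted on any part
# or raid line, and cryptsetup is excluded in %packages).

# 1 MiB BIOS boot partition per disk (GPT label, bootloader --location=mbr).
part biosboot --label=biosboot_a --fstype=biosboot --size=1 --ondisk=disk/by-id/ata-INTEL_SSDxxx
part biosboot --label=biosboot_b --fstype=biosboot --size=1 --ondisk=disk/by-id/ata-INTEL_SSDyyy

# RAID members for /boot (1024 MiB each).
part raid.boot_a --label=boot_a --fstype=mdmember --size=1024 --ondisk=disk/by-id/ata-INTEL_SSDxxx
part raid.boot_b --label=boot_b --fstype=mdmember --size=1024 --ondisk=disk/by-id/ata-INTEL_SSDyyy

# RAID members for / (20480 MiB each).
part raid.root_a --label=root_a --fstype=mdmember --size=20480 --ondisk=disk/by-id/ata-INTEL_SSDxxx
part raid.root_b --label=root_b --fstype=mdmember --size=20480 --ondisk=disk/by-id/ata-INTEL_SSDyyy

# RAID members for /home (take the remaining space on each disk).
part raid.home_a --label=home_a --fstype=mdmember --grow --ondisk=disk/by-id/ata-INTEL_SSDxxx
part raid.home_b --label=home_b --fstype=mdmember --grow --ondisk=disk/by-id/ata-INTEL_SSDyyy

# One 4096 MiB swap partition per disk, not mirrored. The second one was
# labelled swap_a as well; it is swap_b here so the two labels stay unique.
part swap --label=swap_a --size=4096 --ondisk=disk/by-id/ata-INTEL_SSDxxx
part swap --label=swap_b --size=4096 --ondisk=disk/by-id/ata-INTEL_SSDyyy

# RAID 1 (mirror) arrays built from the member partitions above.
raid /boot --level=1 --device=boot --fstype=ext4 --label=BOOT raid.boot_a raid.boot_b
raid / --level=1 --device=root --fstype=ext4 --label=ROOT raid.root_a raid.root_b
raid /home --level=1 --device=home --fstype=ext4 --label=HOME raid.home_a raid.home_b

# System bootloader configuration
# crashkernel=auto reserves memory for kdump, while the kdump addon at the end
# of this file is commented out.
# NOTE(review): no bootloader password is set; add one if console access to
# this machine is not fully trusted.
bootloader --append="nosplash crashkernel=auto" --location=mbr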
|
|
|
# post-install stuff - will be executed chroot'ed in new system |
|
%post |
|
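# Import the CentOS release key that the installed system already ships.
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

#echo -e "configure-and-quit=true\ndhcp=internal" > /etc/NetworkManager/conf.d/custom.conf

# Root may log in over SSH with a key only. The active PermitRootLogin line
# is kept as a comment and replaced. "prohibit-password" is the current
# spelling of the option; "without-password" is its deprecated alias.
sed -i 's/^PermitRootLogin.*/#&\nPermitRootLogin prohibit-password/' /etc/ssh/sshd_config

# Make sshd listen on 12345 in addition to the default port. A stock
# sshd_config carries only a commented "#Port 22", which ^Port never matches,
# so the sed alone would change nothing; in that case both ports are written
# explicitly. The append assumes the file does not end inside a Match block.
if grep -q '^Port' /etc/ssh/sshd_config; then
  sed -i 's/^Port.*/&\nPort 12345/' /etc/ssh/sshd_config
else
  printf 'Port 22\nPort 12345\n' >> /etc/ssh/sshd_config
fi

# SELinux is enforcing, so sshd may bind 12345 only once the port is labelled
# ssh_port_t. semanage is not guaranteed to be part of this package set.
if command -v semanage >/dev/null 2>&1; then
  semanage port -a -t ssh_port_t -p tcp 12345 \
    || echo 'WARNING: could not label tcp/12345 as ssh_port_t' >&2
else
  echo 'WARNING: semanage not installed; label tcp/12345 as ssh_port_t after first boot' >&2
fi

# Keep firewalld's ssh service in line with the sshd port. This line used to
# name 22222/tcp, a port nothing else in this file configures.
firewall-offline-cmd --service=ssh --add-port=12345/tcp
firewall-offline-cmd --remove-service cockpit

# Pause so the install can be checked and netboot disabled; connect via ssh
# and run "killall sleep" to avoid waiting.
# NOTE(review): for this hour the installer environment stays up with its
# sshpw root login; shorten or drop the pause once the procedure is routine.
sleep 3600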
|
%end |
|
|
|
# Almost minimal (but not too spartan) selection: the @standard group plus podman and tmux, minus packages of no use on a dedicated server. |
# A leading "-" excludes a package from the selection; the installer can still pull it in when another selected package requires it. |
# cockpit is excluded here and its firewalld service is removed in %post. |
# cryptsetup is excluded as well, so no LUKS tooling is installed; add it back if any volume is to be encrypted later. |
|
%packages |
|
@standard |
|
podman |
|
tmux |
|
-NetworkManager-team |
|
-blktrace |
|
-c-ares |
|
-cockpit |
|
-cryptsetup |
|
-dnf-plugin-spacewalk |
|
-dnf-plugin-subscription-manager |
|
-dos2unix |
|
-fprintd-pam |
|
-geolite2-city |
|
-geolite2-country |
|
-insights-client |
|
-iwl100-firmware |
|
-iwl1000-firmware |
|
-iwl105-firmware |
|
-iwl135-firmware |
|
-iwl2000-firmware |
|
-iwl2030-firmware |
|
-iwl3160-firmware |
|
-iwl3945-firmware |
|
-iwl4965-firmware |
|
-iwl5000-firmware |
|
-iwl5150-firmware |
|
-iwl6000-firmware |
|
-iwl6000g2a-firmware |
|
-iwl6050-firmware |
|
-iwl7260-firmware |
|
-kmod-kvdo |
|
-ledmon |
|
-libbasicobjects |
|
-libcollection |
|
-libdhash |
|
-libini_config |
|
-libldb |
|
-libnfsidmap |
|
-libpath_utils |
|
-libref_array |
|
-libsss_autofs |
|
-libsss_certmap |
|
-libsss_idmap |
|
-libsss_nss_idmap |
|
-libsss_sudo |
|
-libstoragemgmt |
|
-libtalloc |
|
-libtdb |
|
-libtevent |
|
-lvm2 |
|
-mailcap |
|
-mlocate |
|
-pinfo |
|
-plymouth |
|
-python3-dnf-plugin-spacewalk |
|
-python3-rhn-client-tools |
|
-realmd |
|
-rhn-client-tools |
|
-rhn-setup |
|
-rhnlib |
|
-rhnsd |
|
-rng-tools |
|
-sos |
|
-sssd |
|
-sssd-client |
|
-sssd-common |
|
-sssd-kcm |
|
-sssd-nfs-idmap |
|
-subscription-manager-cockpit |
|
-subscription-manager-plugin-container |
|
-teamd |
|
-trousers |
|
-trousers-lib |
|
-vdo |
|
-words |
|
-xfsdump |
|
%end |
|
|
|
# configures the kdump kernel crash dumping mechanism |
|
#%addon com_redhat_kdump --enable --reserve-mb='auto' |